1

我正在尝试使用从两个文件(.p12 和 .p7b)加载的证书创建 SSL 连接。
我已尝试使用以下代码加载 .p12 文件

char []passwKey = "1234567".toCharArray();
        KeyStore ts = KeyStore.getInstance("PKCS12");
        ts.load(new FileInputStream("/home/user/Desktop/file.p12"), passwKey);
        KeyManagerFactory tmf = KeyManagerFactory.getInstance("SunX509");
        tmf.init(ts,passwKey);
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(tmf.getKeyManagers(), null, null);
        SSLSocketFactory factory =sslContext.getSocketFactory();
        HttpsURLConnection.setDefaultSSLSocketFactory(factory);
        SSLSocket socket = (SSLSocket) factory.createSocket("www.host.com", 8883); // Create the ServerSocket
        String[] suites = socket.getSupportedCipherSuites();
        socket.setEnabledCipherSuites(suites);
        socket.startHandshake();

但我收到异常:

javax.net.ssl.SSLHandshakeException:sun.security.validator.ValidatorException:PKIX 路径构建失败:sun.security.provider.certpath.SunCertPathBuilderException:无法找到请求目标的有效证书路径

我相信我必须从 .p12 和 .p7b 文件(包含整个 CA 链)中创建一个 .jks 文件,但我对此很陌生,我不知道该怎么做。我发现的示例基于单个文件/证书。

更新:

我使用认证文件创建了一个密钥库(我相信我只需要 .p12 文件)但没有运气。所以我直接访问了该站点,并将证书导出为 .pem 并将其添加到密钥库中。在我的调试信息中,我现在收到“ServerHello”,但最后,我仍然得到

handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

我尝试了几种解决方案,例如。 Java 客户端证书通过 HTTPS/SSL获取 javax.net.ssl.SSLHandshakeException:收到致命警报:handshake_failure 收到的 .p12 文件中的证书和从浏览器导出的证书出错,但它们都不起作用...

更新 2:

我试过这个:https://stackoverflow.com/a/11908693/1215791并设法到达 ServerHelloDone (并找到受信任的证书......)。

但是,我现在要做的是使用 SOAP 请求登录,我得到了这个:

com.sun.xml.internal.messaging.saaj.soap.MessageImpl identifyContentType
SEVERE: SAAJ0537: Invalid Content-Type. Could be an error message instead of a SOAP message
Exception in thread "main" com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: com.sun.xml.internal.messaging.saaj.SOAPExceptionImpl: Invalid Content-Type:text/html. Is this an error message instead of a SOAP response?
    at com.sun.xml.internal.messaging.saaj.client.p2p.HttpSOAPConnection.call(HttpSOAPConnection.java:148)
    at SoapT.login(SoapT.java:241)
    at SoapT.main(SoapT.java:75)

我相信这不是附加证书的问题,而是创建soap请求时的错误或服务器的错误(html)。

4

1 回答 1

1

试试not-yet-commons-ssl

非常易于使用的 SSL 库。创建 SSLClient 并添加 Trust 材料

网页示例:

Client Example:

SSLClient client = new SSLClient();

// Let's trust usual "cacerts" that come with Java.  Plus, let's also trust a self-signed cert
// we know of.  We have some additional certs to trust inside a java keystore file.
client.addTrustMaterial( TrustMaterial.DEFAULT );
client.addTrustMaterial( new TrustMaterial( "/path/to/self-signed.pem" ) );
client.addTrustMaterial( new KeyMaterial( "/path/to/keystore.jks", "changeit".toCharArray() ) );

// To be different, let's allow for expired certificates (not recommended).
client.setCheckHostname( true );  // default setting is "true" for SSLClient
client.setCheckExpiry( false );   // default setting is "true" for SSLClient
client.setCheckCRL( true );       // default setting is "true" for SSLClient

// Let's load a client certificate (max: 1 per SSLClient instance).
client.setKeyMaterial( new KeyMaterial( "/path/to/client.pfx", "secret".toCharArray() ) );
SSLSocket s = (SSLSocket) client.createSocket( "www.cucbc.com", 443 );
于 2013-04-09T08:56:53.617 回答